Re: The Correct Amount

[Moses Hernandez <moses () moses io>]

PHP is … well it just is, and that happens to be the problem. There is no good way around it, it’s far too much in use 
to quickly deprecate and back out of, and it’s also very far from being well designed, or just designed at all. If you 
don’t believe anyone just Google “Why is PHP Such a horribly designed language” for all the fun references to the 
developers just magically patching this thing in real time to cobble the language. 

The problem with these kinds of things, is that PHP allowed us all to have stuff on the web very quickly, which we all 
liked. Facebook has no choice at this moment but to try and “correct” PHP the best it can, because stating over on a 
new Facebook is more than likely out of the question by now.

I don’t however see us going from better to best in the choices we are making. While we have some interesting languages 
like rust, what we are now seeing is migration away from PHP with people running (frantically) to Javascript 
frameworks. Ahh, Javascript, A language that was more or less designed in about 2 weeks time and that it’s only 
marketing was to use the ‘java’ in it. If you want to lol over Javascript, a co-worker pointed this out 
(https://www.destroyallsoftware.com/talks/wat <https://www.destroyallsoftware.com/talks/wat>)

To make matters worse than anything PHP has done, the javascript developers have decided that inside of javascript 
(which mostly runs on the client side inside a C++ compiled binary that we know as a browser) they will enable web 
assembly (https://brendaneich.com/2015/06/from-asm-js-to-webassembly/ 
<https://brendaneich.com/2015/06/from-asm-js-to-webassembly/>). This way you can run all those awesome native C and C++ 
apps inside of javascript inside your browser.

Or maybe on the server side as well. Who knows the possibilities here are endless, but then again we can all run Quake 
in our browser at the same speed as the native app so .. there’s that.

-@mosesrenegade

> On Aug 2, 2016, at 4:12 PM, Kristian Erik Hermansen <kristian.hermansen () gmail com> wrote:
>
> Do you feel the same way about FaceBook PHP? Or general PHP v7? It sounds like everyone has cancer, smokes, and is 
> pregnant...
>
>
> On Aug 2, 2016 8:59 AM, "dave aitel" <dave () immunityinc com <mailto:dave () immunityinc com>> wrote:
> Last week I did the technical review of one of our deliverables. Super secure website, run by smart people. They'd 
> limited their exposure to one PHP file. But a good security services company provides strategic advice, along with 
> individual tactical recommendations. In this case, the consultant found two critical vulnerabilities in just that one 
> lonely PHP file. Our strategic recommendation is always this: Use as much PHP on your website as cigarettes you would 
> allow a pregnant woman to smoke per day. 
>
> Everyone knows they should stop smoking. But sometimes it takes a doctor to pull up the X-Ray of your lungs and look 
> at them sadly for a brief second for you to invest in that first pack of nicotine gum. I'm not saying PHP is cancer, 
> I'm just saying that when I see Uber write up a long post <https://hackerone.com/uber> about how they're trying to 
> use Bug Bounties to help them secure their WordPress plugins it makes me think maybe they should go to the doctor 
> instead.
>
> -dave
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com <mailto:Dailydave () lists immunityinc com>
> https://lists.immunityinc.com/mailman/listinfo/dailydave <https://lists.immunityinc.com/mailman/listinfo/dailydave>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave